RHEL 3 : nfs-utils (RHSA-2004:072)

Updated nfs-utils packages that fix a flaw leading to possible
rpc.mountd crashes are now available.

The nfs-utils package contains the rpc.mountd program, which
implements the NFS mount protocol.

A flaw was discovered in versions of rpc.mountd in nfs-utils versions
after 1.0.3 and prior to 1.0.6. When mounting a directory, rpc.mountd
could crash if the reverse lookup of the client in DNS failed to match
the forward lookup. An attacker who has the ability to mount remote
directories from a server could make use of this flaw to cause a
denial of service by making rpc.mountd crash.

Users are advised to upgrade to these updated packages, which contain
nfs-utils 1.0.6 and is not vulnerable to this issue.

NOTE: Red Hat Enterprise Linux 2.1 includes a version of rpc.mountd
that is not vulnerable to this issue.

Training & Certification

The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.